21959 matches found
CVE-2026-57757 WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in pCloud WP Backup <= 2.0.2 versions...
CVE-2026-57751 WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in Heateor Social Login <= 1.1.39 versions...
CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in Booked <= 3.0.0 versions...
CVE-2026-57690 WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions...
Ozette Plugins - Cross-Site Request Forgery
An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...
Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...
WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions <= 3.5.6...
WordPress Permalink Manager for WooCommerce plugin <= 1.0.8.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by dodoh4t in WordPress Plugin Permalink Manager for WooCommerce versions <= 1.0.8.2...
WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by R2D2 in WordPress Plugin pCloud WP Backup versions <= 2.0.2...
CVE-2026-58451
CVE-2026-58451 concerns Horde IMP prior to 7.0.1. A path traversal flaw in lib/Compose.php enables an authenticated attacker to read arbitrary server files by inserting traversal sequences after the CKEditor path prefix in img src URLs. The issue circumvents prefix validation by appending travers...
CVE-2026-57723
CVE-2026-57723 affects the WordPress plugin VikBooking Hotel Booking Engine & PMS (e4jvikwp) up to version 1.8.12. The vulnerability is a CSRF to Arbitrary File Deletion issue, described as enabling path traversal that can delete arbitrary files. The CVE notes a HIGH impact with a CVSS 3.1 score ...
WordPress Heateor Social Login plugin <= 1.1.39 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by ParkHyunWoo in WordPress Plugin Heateor Social Login versions <= 1.1.39...
CVE-2026-12158
The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated...
CVE-2026-12158 RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter
The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the process_request function. This makes it possible for unauthenticated...
CVE-2026-12158
The CVE pertains to the WordPress plugin RegistrationMagic – User Registration Forms Plugin, vulnerable to Cross-Site Request Forgery up to version 6.0.9.1 due to missing/incorrect nonce validation in process_request. This allows unauthenticated attackers to escalate a form submitter’s privileges...
CVE-2026-58518
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...
CVE-2026-11981
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.15.3. This is due to missing nonce validation on the givesetnotificationstatushandler function. This makes it possible for unauthenticated attackers to disable donation email notificatio...